Re: Perl and Encrypted SAML Token
by rdfield (Priest) on Jun 12, 2017 at 13:01 UTC
Not sure if this helps, since the SAML2 Assertion XML is somewhat different, but here it is anyway:
1. generate a public/private key pair for encryption use
2. went to https://www.samltool.com/encrypt.php and generated an encrypted SAML2 Assertion, using RSA_OAEP_MGF1P for "Encrypted Method for key", "AES128_CBC" for "Encrypted Method for the data" and the public cert from step 1. Saved the output to a file, encrypted_assertion.xml
3. My private key was in PKCS#8 format, so generated a PKCS#1 version of it using openssl rsa -in myenc.key -out myenc1.key (the Perl code I use only accepts PKCS#1 format)
4. from the SAML2 spec I see that the first 128 bits of the encrypted data is actually the IV, https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#aes128-cbc (section 5.2.2)
5. using the code from http://stuff-things.net/2007/05/02/encrypting-sensitive-data-with-perl/ to retrieve the encrypted key from the XML (hence the PKCS#1 version of the private key in step 3), to use in the CBC decoding of the data, I came up with the following code (after much trial and error with the Crypt::CBC parameters):
There are some junk characters at the end of the output; I guess it's some padding. This takes 0.455s to run. Using perl -e 'print `xmlsec1 --decrypt --privkey-pem myenc.key encrypted_assertion.xml`' takes 0.015s, and outputs no junk.

rdfield
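The decryption described in steps 4 and 5, as an added example that is not the code from the post: it unwraps the AES key with RSA-OAEP, splits the IV off the front of the ciphertext, and goes one step further by removing the XML Encryption padding, whose final byte is the pad length. Assumptions: Crypt::Rijndael as the AES backend for Crypt::CBC, regex extraction of the two CipherValue elements, and a key pair, assertion and envelope that the script constructs itself so it runs offline.

```perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);
use Crypt::OpenSSL::RSA;
use Crypt::OpenSSL::Random;
use Crypt::CBC;    # AES backend assumed here: Crypt::Rijndael

# AES-128-CBC with a literal 16-byte key, no salt header and no automatic
# padding, so the XML Encryption padding can be handled by hand.
sub aes_cbc {
    my ($key, $iv) = @_;
    return Crypt::CBC->new(-cipher => 'Rijndael', -key => $key, -keysize => 16,
        -literal_key => 1, -iv => $iv, -header => 'none', -padding => 'none');
}

# --- Constructed input: key pair, assertion and envelope are made up here ---
my $rsa = Crypt::OpenSSL::RSA->generate_key(2048);
$rsa->use_pkcs1_oaep_padding;    # RSA-OAEP with SHA-1/MGF1 (RSA_OAEP_MGF1P)
my $plain = '<saml:Assertion ID="_constructed">demo</saml:Assertion>';
my ($cek, $iv) = map { Crypt::OpenSSL::Random::random_bytes(16) } 1 .. 2;
my $pad = 16 - length($plain) % 16;    # 1..16 bytes of padding
my $padded = $plain
    . substr(Crypt::OpenSSL::Random::random_bytes(15), 0, $pad - 1) . chr($pad);
my $xml = sprintf '<xenc:EncryptedData><ds:KeyInfo><xenc:EncryptedKey>'
    . '<xenc:CipherValue>%s</xenc:CipherValue></xenc:EncryptedKey></ds:KeyInfo>'
    . '<xenc:CipherValue>%s</xenc:CipherValue></xenc:EncryptedData>',
    encode_base64($rsa->encrypt($cek), ''),
    encode_base64($iv . aes_cbc($cek, $iv)->encrypt($padded), '');

# --- Decryption, following steps 4 and 5 ---
sub decrypt_assertion {
    my ($rsa, $xml) = @_;
    # First CipherValue is the wrapped key, second is IV + ciphertext.
    my ($enc_key, $enc_data) = map { decode_base64($_) }
        $xml =~ m{<xenc:CipherValue>([^<]+)</xenc:CipherValue>}g;
    my $key  = $rsa->decrypt($enc_key);
    my $iv   = substr($enc_data, 0, 16);    # first 128 bits are the IV
    my $text = aes_cbc($key, $iv)->decrypt(substr($enc_data, 16));
    # XML Encryption padding: only the last byte is defined (the pad length);
    # the other pad bytes are arbitrary and print as junk if left in place.
    my $n = ord(substr($text, -1));
    die "bad padding length $n\n" if $n < 1 || $n > 16;
    return substr($text, 0, length($text) - $n);
}

my $out = decrypt_assertion($rsa, $xml);
print $out eq $plain ? "round trip ok: $out\n" : "MISMATCH\n";
```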